17 matches found
EUVD-2024-32756
Malicious code in bioql PyPI...
EUVD-2024-47823
Malicious code in bioql PyPI...
CVE-2025-43782
The CVE-2025-43782 entry covers an Insecure Direct Object Reference (IDOR) in Liferay Portal/DXP where the workflow-definition API exposes resources by name, enabling remote authenticated users to access workflow definitions without proper authorization. Affected products/versions include Liferay...
GHSA-FVP7-JJ9M-3QPF Liferay Portal's Incorrect Authorization vulnerability can lead to guest users obtaining sensitive data
An Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entry information via the API Builder...
CVE-2025-43777
CVE-2025-43777 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP versions 2025.Q1.0–2025.Q2.9 (and earlier 2024.Q1.1–2024.Q4.7, 2024.Q2.0–2024.Q2.13, 2024.Q3.0–2024.Q3.13). The issue: an Internal Server Error is exposed in the login response when a request uses a deleted Client Secret. Root ...
CVE-2024-6791
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versio...
CVE-2024-6794
A deserialization of untrusted data vulnerability exists in NI VeriStand Waveform Streaming Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions...
CVE-2024-6806 Missing Authorization Checks In NI VeriStand Gateway For Project Resources
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions...
CVE-2024-6805 Missing Authorization Checks in NI VeriStand Gateway for File Transfer Resources
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access File Transfer resources. These missing checks may result in information disclosure or remote code execution. This affects NI VeriStand 2024 Q2 and prior versions...
CVE-2024-6805
The CVE-2024-6805 entry concerns NI VeriStand Gateway missing authorization checks when an actor accesses File Transfer resources (IFileTransferServer / ProjectServer surface). Affected product: NI VeriStand 2024 Q2 and prior versions. Impact stated in sources includes information disclosure and ...
CVE-2024-6793 Deserialization of Untrusted Data in NI VeriStand DataLogging Server
A deserialization of untrusted data vulnerability exists in NI VeriStand DataLogging Server that may result in remote code execution. Successful exploitation requires an attacker to send a specially crafted message. These vulnerabilities affect NI VeriStand 2024 Q2 and prior versions...
CVE-2024-6791 Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versio...
CVE-2024-6791 Directory Path Traversal Vulnerability in NI VeriStand with vsmodel Files
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .vsmodel file. This vulnerability affects VeriStand 2024 Q2 and prior versio...
CVE-2024-6675
CVE-2024-6675 describes a deserialization of untrusted data vulnerability in NI VeriStand, specifically in the NIVSPRJ/project-file parsing. The underlying flaw is deserializing data from a crafted project file during processing of NIVSPRJ elements, which can lead to remote code execution. Exploi...
CVE-2024-6675 Deserialization of Untrusted Data Vulnerability in NI VeriStand Project File
A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior versions...
CVE-2024-6675 Deserialization of Untrusted Data Vulnerability in NI VeriStand Project File
A deserialization of untrusted data vulnerability exists in NI VeriStand that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects VeriStand 2024 Q2 and prior versions...
PT-2024-37868 · National Instruments · Ni Veristand
Name of the Vulnerable Software and Affected Versions: NI VeriStand versions prior to 2024 Q2
Description: A deserialization of untrusted data issue exists in the NI VeriStand Waveform Streaming Server, potentially leading to remote code execution. Successful exploitation requires an attacker to...